BGP Local-AS Feature Configuration [Explained With Examples]
![BGP Local-AS Feature Configuration [Explained With Examples]](https://learnduty.com/wp-content/uploads/2022/08/image-57.png)
What is BGP Local-AS
The local-AS feature allows a router to appear to be a member of a second autonomous system (AS), in addition to its real AS. This feature can only be used for true eBGP peers. You cannot use this feature for two peers that are members of different confederation sub-ASs.
Topology
Local-AS Command Configuration
Router R1:
R1(config)#int f0/0
R1(config-if)#ip address 172.29.1.1 255.255.255.252
R1(config-if)#no sh
R1(config-if)#
*Aug 29 10:45:15.719: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Aug 29 10:45:16.719: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config)#router bgp 65001
R1(config-router)#neighbor 172.29.1.2 remote-as 65002
R1(config-router)#neighbor 172.29.1.2 local-as 100
R1(config-router)#
*Aug 29 10:57:34.251: %BGP-5-ADJCHANGE: neighbor 172.29.1.2 Up
Router R2:
R2(config)#int f0/0
R2(config-if)#ip address 172.29.1.2 255.255.255.252
R2(config-if)#no sh
R2(config-if)#exit
*Aug 29 10:45:44.683: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t o up
R2(config)#router bgp 65002
R2(config-router)#neighbor 172.29.1.1 remote-as 100
R2(config-router)#
*Aug 29 10:57:03.915: %BGP-5-ADJCHANGE: neighbor 172.29.1.1 Up
To better understand, let’s make a capture during the process of forming BGP neighbors:
- In the OPEN Message, we can see that R1 is advertising 100 as his local AS (not 65001)
And we can verify that on R2 CLI, the neighbor AS is 100:
R2#show ip bgp summary
BGP router identifier 172.29.1.2, local AS number 65002
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.29.1.1 4 100 4 4 1 0 0 00:00:23 0
R2 as expected advertising 65002 as his local AS (no magic here):
Notes about local-AS features:
- When sending BGP updates from R1 to R2, the AS-PATH will contain both AS numbers (the real ASN of R1 and the ASN advertised the BGP OPEN Message).
We can verify this by sending update from R1, AS_PATH: 100 65001.
Note: In our example, R1 is advertising 1.1.1.1/32 route and R2 advertising 2.2.2.2/32 route
We can confirm this on R2 CLI:
R2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 172.29.1.1 0 0 100 65001 i
Same for updates from R2 to R1, the AS mentioned in Local AS will be added in the AS-PATH by default.
R1#show ip bgp
*> 2.2.2.2/32 172.29.1.2 0 0 100 65002 i
In simple words, the ASN mentioned in local-as command resides in the middle between real AS of R1 and the AS of R2: R1 ASN (65001) – local-as ASN (100) – R2 ASN (65002)
- Updates from R1 to R2 will have AS-PATH: 100 65001
- Updates from R2 to R1 will have AS-PATH: 100 65002
This is the default behavior of local AS command, but, we can tune-up this by adding some options in the next part.
Local-as command Options
* no-prepend:
As we checked previously, when R1 (which has local-as configuration) receive a route from its peer, it automatically adds the “the local-as ASN” in the AS-PATH for the received route. this behavior is not normal (usually local AS will be added to AS-PATH only when transmitted to a peer).
To “correct” this behavior, we can use no-prepend option. it will remove the “the local-as ASN” for this inbound routes.
Note: This option only applies to inbound routes, not outbound advertisements.
We can verify this on our topology:
R1(config)#router bgp 65001
R1(config-router)#neighbor 172.29.1.2 local-as 100 no-prepend
R1(config-router)#
*Aug 29 13:15:32.503: %BGP-5-NBR_RESET: Neighbor 172.29.1.2 reset (Local AS change)
*Aug 29 13:15:32.515: %BGP-5-ADJCHANGE: neighbor 172.29.1.2 Down Local AS change
*Aug 29 13:15:32.515: %BGP_SESSION-5-ADJCHANGE: neighbor 172.29.1.2 IPv4 Unicast topology base removed from session Local AS change
*Aug 29 13:15:33.447: %BGP-5-ADJCHANGE: neighbor 172.29.1.2 Up
R1#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 172.29.1.2 0 0 65002 i
* no-prepend replace-as:
Even if local-as command is tricking to the neighbor (for the neighbor, the remote-as is the ASN you specify under local-as command), but, when advertising a route to this neighbor, the AS-PATH contain you real AS and the “local-as ASN”.
In our example, R2 receives routes from R1 with AS-PATH: 65001 100, as you can you can see, you real ASN is not really hidden from your neighbor.
If you need to hide the real ASN, we can use the combination of options: no-prepend repalce-as, the real AS won’t even be added to the AS-PATH attribute when advertising routes updates to the neighbor.
let’s verify:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# router bg
R1(config)# router bgp 65001
R1(config-router)#neighbor 172.29.1.2 local-as 100 no-prepend re
R1(config-router)#neighbor 172.29.1.2 local-as 100 no-prepend replace-as
R1(config-router)#
*Aug 29 13:36:07.651: %BGP-5-NBR_RESET: Neighbor 172.29.1.2 reset (Local AS change)
*Aug 29 13:36:07.663: %BGP-5-ADJCHANGE: neighbor 172.29.1.2 Down Local AS change
*Aug 29 13:36:07.667: %BGP_SESSION-5-ADJCHANGE: neighbor 172.29.1.2 IPv4 Unicast topology base removed from session Local AS change
*Aug 29 13:36:08.559: %BGP-5-ADJCHANGE: neighbor 172.29.1.2 Up
On Wireshark, we can see the BGP update from R1.
The AS-PATH attributes only contain the ASN specified in local-as command.
Now, if we check R2. Now R2 completely thinks that the routes coming from AS 100, he have no idea about the real AS of the neighbor, which may be beneficial is some use cases.
R2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 172.29.1.1 0 0 100 i
* no-prepend replace-as dual-as:
The dual-as keyword is used to configure the eBGP neighbor to establish a peering session using the real autonomous-system number (from the local BGP routing process) or by using the autonomous-system number configured with the ip-address argument (local-as).
TBC
